libsoup SoupServer HTTP Request Smuggling Vulnerability Allowing Denial-of-Service
Vulnerability
An HTTP request smuggling vulnerability has been identified in libsoup's SoupServer component. The issue arises from improper handling of requests that carry both Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit it by sending specially crafted requests. The server fails to close the connection as mandated by RFC 9112, which allows the attacker to smuggle additional requests over the persistent connection. This can lead to unintended request processing and potential denial-of-service conditions.
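Added example (not libsoup code and not part of the advisory): a Python check that a proxy or log pipeline could run on request heads to flag framing after which RFC 9112 requires the server to close the connection, and whether the client also asked for persistence. The advisory does not name the clause involved; the three conditions checked here are the close-after-response rules in RFC 9112 sections 6.1 and 6.3, and all function names, labels and sample requests are constructed for illustration.

```python
CRLF = "\r\n"

def parse_head(raw: bytes):
    """Return (version, {lowercased-name: [values]}) for a raw request head."""
    text = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *field_lines = text.split(CRLF)
    version = request_line.rsplit(" ", 1)[-1]
    headers = {}
    for line in field_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return version, headers

def tokens(headers, name):
    """Flatten a comma-separated list header into lowercase tokens."""
    return [t.strip().lower() for v in headers.get(name, [])
            for t in v.split(",") if t.strip()]

def must_close_reasons(version, headers):
    """Framing conditions after which RFC 9112 requires closing the connection."""
    te = tokens(headers, "transfer-encoding")
    reasons = []
    if te and "content-length" in headers:
        reasons.append("TE+CL")              # section 6.1
    if te and te[-1] != "chunked":
        reasons.append("chunked-not-final")  # section 6.3
    if te and version == "HTTP/1.0":
        reasons.append("TE-in-HTTP/1.0")     # section 6.1
    return reasons

def classify(raw: bytes):
    """Verdict is 'ok', 'close', or 'close-vs-keep-alive' if persistence is also requested."""
    version, headers = parse_head(raw)
    reasons = must_close_reasons(version, headers)
    conn = tokens(headers, "connection")
    persistent = "keep-alive" in conn or (version == "HTTP/1.1" and "close" not in conn)
    verdict = "ok" if not reasons else "close-vs-keep-alive" if persistent else "close"
    return verdict, reasons

def head(*lines):
    return (CRLF.join(lines) + CRLF * 2).encode("latin-1")

TE, KA = "Transfer-Encoding: chunked", "Connection: keep-alive"
SAMPLES = {  # constructed request heads, not traffic from the advisory
    "plain-chunked": head("POST /u HTTP/1.1", "Host: a.test", TE, KA),
    "te-and-cl": head("POST /u HTTP/1.1", "Host: a.test", TE, "Content-Length: 4", KA),
    "http10-te": head("POST /u HTTP/1.0", TE, KA),
    "te-cl-close": head("POST /u HTTP/1.1", "Host: a.test", TE, "Content-Length: 4", "Connection: close"),
}
```

A "close-vs-keep-alive" verdict marks the requests worth alerting on in front of an unpatched SoupServer; a plain chunked HTTP/1.1 request with keep-alive is legitimate and is reported as "ok".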
Impact
Exploitation of this vulnerability can cause a denial-of-service condition by disrupting normal server operations, potentially leading to increased resource consumption or application unavailability.
